Data Loss Prevention (DLP) involves computer and information security, where DLP systems identify, monitor, and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions), and data at rest (e.g., data storage). Typically, a DLP system creates fingerprints of confidential information that requires protection, and then uses the fingerprints to detect the presence of confidential information in various files, messages and the like. Confidential information may be stored in a structured form such as a database, a spreadsheet, etc., and may include, for example, customer, employee, patient or pricing data. In addition, confidential information may include unstructured data such as design plans, source code, CAD drawings, financial reports, etc.
Many organizations store large amounts of confidential information in files that are accessible to users within the organization. Since access to this data is essential to the job function of many users within the organization, there are many possibilities for theft or accidental distribution of this confidential information. Theft or benign inadvertent disclosure of confidential information represents a significant business risk in terms of the value of the intellectual property and compliance with corporate policies, as well as the legal liabilities related to government regulatory compliance. However, with a large number of files and users, it is difficult to assess which confidential files have a high risk of distribution and need to be remediated quickly.